From: <vv...@us...> - 2012-01-31 21:49:08
Revision: 4861
http://web-erp.svn.sourceforge.net/web-erp/?rev=4861&view=rev
Author: vvs2012
Date: 2012-01-31 21:48:58 +0000 (Tue, 31 Jan 2012)
Log Message:
-----------
Added DB_escape_string before ItemDescription and SupplierName in GoodsReceived.php to prevent problems with '.
Modified Paths:
--------------
trunk/GoodsReceived.php
trunk/ReorderLevelLocation.php
trunk/ReverseGRN.php
trunk/SuppInvGRNs.php
trunk/doc/Change.log
trunk/includes/ConnectDB_mysql.inc
trunk/includes/ConnectDB_mysqli.inc
Modified: trunk/GoodsReceived.php
===================================================================
--- trunk/GoodsReceived.php 2012-01-31 18:46:10 UTC (rev 4860)
+++ trunk/GoodsReceived.php 2012-01-31 21:48:58 UTC (rev 4861)
@@ -448,7 +448,7 @@
VALUES ('" . $GRN . "',
'" . $OrderLine->PODetailRec . "',
'" . $OrderLine->StockID . "',
- '" . $OrderLine->ItemDescription . "',
+ '" . DB_escape_string($OrderLine->ItemDescription) . "',
'" . $_POST['DefaultReceivedDate'] . "',
'" . $OrderLine->ReceiveQty . "',
'" . $_SESSION['PO'.$identifier]->SupplierID . "',
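Review bot: `$_POST['DefaultReceivedDate']` on the line right after the new `DB_escape_string(...)` call is still spliced into the INSERT raw, as are the other interpolated values in this VALUES list, so the commit escapes one field while a request parameter remains unescaped in the same statement. At minimum wrap it the same way, `'" . DB_escape_string($_POST['DefaultReceivedDate']) . "',`, or validate it as a date before it reaches the query. Note also that `DB_escape_string` (see the ConnectDB_*.inc hunks in this commit) runs htmlspecialchars before the driver escape, so the description is now stored HTML-encoded and any code that renders or compares it must expect entities. The same pattern applies to the hunks at @@ -507, @@ -662 and @@ -686 in this file. The enclosing SQL statement starts before this hunk.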
@@ -507,7 +507,7 @@
'" . $_POST['DefaultReceivedDate'] . "',
'" . $LocalCurrencyPrice . "',
'" . $PeriodNo . "',
- '" . $_SESSION['PO'.$identifier]->SupplierID . " (" . $_SESSION['PO'.$identifier]->SupplierName . ") - " .$_SESSION['PO'.$identifier]->OrderNo . "',
+ '" . $_SESSION['PO'.$identifier]->SupplierID . " (" . DB_escape_string($_SESSION['PO'.$identifier]->SupplierName) . ") - " .$_SESSION['PO'.$identifier]->OrderNo . "',
'" . $OrderLine->ReceiveQty . "',
'" . $_SESSION['PO'.$identifier]->LineItems[$OrderLine->LineNo]->StandardCost . "',
'" . ($QtyOnHandPrior + $OrderLine->ReceiveQty) . "'
@@ -662,7 +662,7 @@
'" . $PeriodNo . "',
'" . $OrderLine->GLCode . "',
'PO: " . $_SESSION['PO'.$identifier]->OrderNo . " " . $_SESSION['PO'.$identifier]->SupplierID . " - " . $OrderLine->StockID
- . " - " . $OrderLine->ItemDescription . " x " . $OrderLine->ReceiveQty . " @ " .
+ . " - " . DB_escape_string($OrderLine->ItemDescription) . " x " . $OrderLine->ReceiveQty . " @ " .
locale_number_format($CurrentStandardCost,$_SESSION['CompanyRecord']['decimalplaces']) . "',
'" . $CurrentStandardCost * $OrderLine->ReceiveQty . "'
)";
@@ -686,7 +686,7 @@
'" . $_POST['DefaultReceivedDate'] . "',
'" . $PeriodNo . "',
'" . $_SESSION['CompanyRecord']['grnact'] . "',
- '" . _('PO'.$identifier) . ': ' . $_SESSION['PO'.$identifier]->OrderNo . ' ' . $_SESSION['PO'.$identifier]->SupplierID . ' - ' . $OrderLine->StockID . ' - ' . $OrderLine->ItemDescription . ' x ' . $OrderLine->ReceiveQty . ' @ ' . locale_number_format($UnitCost,$_SESSION['CompanyRecord']['decimalplaces']) . "',
+ '" . _('PO'.$identifier) . ': ' . $_SESSION['PO'.$identifier]->OrderNo . ' ' . $_SESSION['PO'.$identifier]->SupplierID . ' - ' . $OrderLine->StockID . ' - ' . DB_escape_string($OrderLine->ItemDescription) . ' x ' . $OrderLine->ReceiveQty . ' @ ' . locale_number_format($UnitCost,$_SESSION['CompanyRecord']['decimalplaces']) . "',
'" . -$UnitCost * $OrderLine->ReceiveQty . "'
)";
Modified: trunk/ReorderLevelLocation.php
===================================================================
--- trunk/ReorderLevelLocation.php 2012-01-31 18:46:10 UTC (rev 4860)
+++ trunk/ReorderLevelLocation.php 2012-01-31 21:48:58 UTC (rev 4861)
@@ -139,7 +139,7 @@
<td class="number">'.$QtyInvoice.'</td>
<td class="number">'.$ohRow['0'].'</td>
<td class="number">'.$ohinRow['0'].'</td>
- <td><input type="text" class="number" name="ReorderLevel' . $i .'" maxlength="3" size="4" value="'. locale_number_format($myrow['reorderlevel'],0) .'" />
+ <td><input type="text" class="number" name="ReorderLevel' . $i .'" maxlength="10" size="10" value="'. locale_number_format($myrow['reorderlevel'],0) .'" />
<input type="hidden" name="StockID' . $i . '" value="' . $myrow['stockid'] . '" /></td>
</tr> ';
$i++;
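Review bot: The widened `maxlength="10"` on the ReorderLevel input is a browser-side hint only; whatever consumes `ReorderLevel<i>` on submit must still verify the value is a non-negative integer, since a client can post any length or content regardless of the attribute. That handler is outside this hunk, so this is a reminder to check it rather than a defect visible here.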
Modified: trunk/ReverseGRN.php
===================================================================
--- trunk/ReverseGRN.php 2012-01-31 18:46:10 UTC (rev 4860)
+++ trunk/ReverseGRN.php 2012-01-31 21:48:58 UTC (rev 4861)
@@ -221,7 +221,7 @@
$Result=DB_query($SQL,$db,$ErrMsg,$DbgMsg,true);
/* If its a stock item .... Insert stock movements - with unit cost */
-
+ $NewQtyOnHand = $QtyOnHandPrior - $QtyToReverse;
$SQL = "INSERT INTO stockmoves (stockid,
type,
transno,
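Review bot: The new `$NewQtyOnHand` assignment has no comment and now sits directly under the `/* If its a stock item .... */` comment that describes the INSERT, so a reader cannot see why the subtraction was hoisted out of the SQL string. Add a line above it such as `// computed outside the SQL string: in PHP 7 and earlier '.' and '-' share precedence, so the inline subtraction did not produce the intended value`. The hoisted value is consumed in the hunk at @@ -242 below. The enclosing block starts before this hunk.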
@@ -242,7 +242,7 @@
'" . _('Reversal') . ' - ' . $_POST['SupplierID'] . ' - ' . $GRN['orderno'] . "',
'" . -$QtyToReverse . "',
'" . $GRN['stdcostunit'] . "',
- '" . $QtyOnHandPrior - $QtyToReverse . "'
+ '" . $NewQtyOnHand . "'
)";
$ErrMsg = _('CRITICAL ERROR') . '! ' . _('NOTE DOWN THIS ERROR AND SEEK ASSISTANCE') . ': ' . _('Stock movement records could not be inserted because');
Modified: trunk/SuppInvGRNs.php
===================================================================
--- trunk/SuppInvGRNs.php 2012-01-31 18:46:10 UTC (rev 4860)
+++ trunk/SuppInvGRNs.php 2012-01-31 21:48:58 UTC (rev 4861)
@@ -80,7 +80,7 @@
if (!is_numeric(filter_number_format($_POST['ChgPrice'])) AND filter_number_format($_POST['ChgPrice'])<0){
$InputError = True;
prnMsg(_('The price charged in the suppliers currency is either not numeric or negative') . '. ' . _('The goods received cannot be invoiced at this price'),'error');
- } elseif ($_SESSION['Check_Price_Charged_vs_Order_Price'] == True) {
+ } elseif ($_SESSION['Check_Price_Charged_vs_Order_Price'] == True AND $_POST['OrderPrice'] != 0) {
if (filter_number_format($_POST['ChgPrice'])/$_POST['OrderPrice'] > (1+ ($_SESSION['OverChargeProportion'] / 100))){
prnMsg(_('The price being invoiced is more than the purchase order price by more than') . ' ' . $_SESSION['OverChargeProportion'] . '%. ' .
_('The system is set up to prohibit this so will put this invoice on hold until it is authorised'),'warn');
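Review bot: The new guard `$_POST['OrderPrice'] != 0` avoids the division by zero on the next line but does not establish that the value is numeric, and it is read straight from the request, so the over-charge check is computed against a client-supplied order price; unless that value is re-read from the stored purchase-order line on the server (not visible in this hunk), the hold decision rests on data the submitter controls. Tighten the condition to `} elseif ($_SESSION['Check_Price_Charged_vs_Order_Price'] == True AND is_numeric($_POST['OrderPrice']) AND $_POST['OrderPrice'] != 0) {` and prefer the order price from the PO record for the comparison. The enclosing validation block starts before this hunk.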
Modified: trunk/doc/Change.log
===================================================================
--- trunk/doc/Change.log 2012-01-31 18:46:10 UTC (rev 4860)
+++ trunk/doc/Change.log 2012-01-31 21:48:58 UTC (rev 4861)
@@ -1,5 +1,6 @@
webERP Change Log
+31/1/12 Vitaly: Added DB_escape_string before ItemDescription and SupplierName in GoodsReceived.php to prevent problems with '.
31/1/12 Phil: Stocks.php error on changing a stock category the journal between the stock GL accounts was not working because $NewStockAccount should have been $NewStockAct
31/1/12 Phil: PO_Items.php removed $Maximum_Number_Of_Parts_To_Show should exist when we are already limiting the output of the query based on the configuraiton option $_SESSION['DefaultDisplayRecordsMax'];
30/1/12 Vitaly: Removed extra 'AND' in SQL statement in ReverseGRN.php
Modified: trunk/includes/ConnectDB_mysql.inc
===================================================================
--- trunk/includes/ConnectDB_mysql.inc 2012-01-31 18:46:10 UTC (rev 4860)
+++ trunk/includes/ConnectDB_mysql.inc 2012-01-31 21:48:58 UTC (rev 4861)
@@ -165,7 +165,7 @@
}
function DB_escape_string($String){
- return mysql_real_escape_string(htmlspecialchars($String, ENT_COMPAT, 'utf-8'));
+ return mysql_real_escape_string(htmlspecialchars($String, ENT_COMPAT, 'utf-8', false));
}
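Review bot: `DB_escape_string` is undocumented, and after this change it silently does two things — HTML-encodes with htmlspecialchars (now without re-encoding existing entities, via the added `false` for double_encode) and then SQL-escapes — so callers cannot tell from the name that values are stored HTML-encoded. Add a docblock stating that the return value is both entity-encoded and driver-escaped, that single quotes are left for the driver because of ENT_COMPAT, and that double_encode is disabled so values already containing entities are not encoded twice on re-save. It is also worth noting in that docblock that `mysql_real_escape_string` is called here without a link resource and therefore depends on the most recently opened connection. The same change and the same documentation gap apply to the `DB_escape_string` hunk in ConnectDB_mysqli.inc.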
function DB_show_tables(&$Conn){
Modified: trunk/includes/ConnectDB_mysqli.inc
===================================================================
--- trunk/includes/ConnectDB_mysqli.inc 2012-01-31 18:46:10 UTC (rev 4860)
+++ trunk/includes/ConnectDB_mysqli.inc 2012-01-31 21:48:58 UTC (rev 4861)
@@ -177,7 +177,7 @@
function DB_escape_string($String){
global $db;
- return mysqli_real_escape_string($db, htmlspecialchars($String, ENT_COMPAT,'utf-8'));
+ return mysqli_real_escape_string($db, htmlspecialchars($String, ENT_COMPAT,'utf-8', false));
}
function DB_show_tables(&$Conn){